On Wed, Sep 20, 2006 at 03:07:46PM +0100, Ben Wylie wrote: > MIME-Version: 1.0 > Content-Type: multipart/related; > type="multipart/alternative"; > boundary="----=_NextPart_000_0005_01C6DC77.1B7CF1F0" > > But then the first mime part is empty and changes the mime boundary: > > ------=_NextPart_000_0005_01C6DC77.1B7CF1F0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_001_0006_01C6DC77.1B7CF1F0"
It's not empty, it's a multipart that contains 2 parts. > They then have two mime parts with this new mime boundary, first a text > and then an html mime part: Yep, that's multipart/alternate. > They then revert back to the original mime boundary for the image spam > mime part: Yep, the image isn't an alternate for the text parts. > Does this happen in legitimate emails as well? Absolutely. > I have never seen this in a legit email, however i do spend far longer > looking at spam then i do ham. You have never seen MIME encoded ham? -- Randomly Selected Tagline: "I'm not allowed to go to Home Depot anymore because I once made the mistake of trying to build a deck." - Hal Stern
pgpu8SJ11HJ38.pgp
Description: PGP signature
